A Growing Threat: Cyber Security in the Construction Industry

When it comes to data breaches, no one is exempt. In 2018, billions of people were affected – 765 million in the months of April, May and June alone. The construction industry is beginning to feel this impact, as targeted attacks are on the rise. Why is that?

For starters, many construction companies don’t have advanced security technology or security best practices in place. This often leads them to expose trade secrets and other intellectual property. From complex projects and blueprints to other sensitive data, attackers use this information to sell or extort for financial gain.

The most common attack vector today are phishing emails. The FBI’s latest Internet Crime Report (IC3) revealed that U.S. victims lost more than $2.7 billion to internet crimes in 2018, with email fraud leading the pack in terms of cost. For businesses, hackers tend to send emails from genuine accounts that have been attacked rather than fake ones. The email may seem like it’s coming from a colleague but is in fact being controlled by someone who’s not the sender. Cyber security vendor Symantec recently reported that one out of every 382 emails exchanged in the construction industry in 2018 had malicious content and that Microsoft Office files accounted for 48% of malicious email attachments.

While there is no fix to keep companies totally immune from attack, there are ways to minimize the opportunity for damage and be prepared for it. Here are some basic takeaways to mitigate risks:

    • Begin by having a third party perform a cyber security assessment and vulnerability scan. Their reports will offer guidance and recommendations based on your company’s current security posture and uncover any areas of weakness.
    • Develop cyber security policies and procedures that map out best practices and an incident response plan for what to do when a breach occurs.
    • Ensure systems are frequently patched. By having up-to-date systems, companies can minimize their potential risks from known vulnerabilities.
    • Educate end users on security awareness, especially around social engineering. Encourage employees to develop strong passwords and be cautious when reviewing emails.
    • Regularly back up critical data.
    • Safeguard your Internet connection by using a firewall and password protecting access to your router.

Engage a Managed Security Services Provider (MSSP) like Rehmann with 24x7x365 detection and response capabilities to ensure that malicious attacks are detected and mitigated as soon as possible with minimal disruption to your business. While many may see cyber security as an added expense, the cost of a data breach ($2,988,546 per incident, according to the Ponemon Institute) should appear far more daunting. By increasing internal security measures and partnering with a vendor to detect and mitigate threats as they occur, construction companies can best protect themselves and their customers from the growing threat of cyberattacks.


To see how your security stacks up, take one of Rehmann’s IT assessments today at Rehmann.com/it-assessments.

Questions? Contact us at info@rehmann.com or 616.257.3976 for more information on how we can help your organization detect and mitigate cyber risk.

Read the entire June Newsletter here!